Make the transition of an existing UBB.threads forum from http to https.
Summary 1) Obtain a valid security certificate from your webhost or a reputable third-party seller. I've purchased many "PositiveSSL" certs from SSLs.com. 2) Install it using SHA-2 and make sure it is configured properly. 3) Update ALL your URLs in the Control Panel or manually in your config.ini file. This includes the Homepage URLs, Contact pages, Referer Check, any forum headers/footers, etc. 4) Run a SQL query on your posts, private messages, user avatars, profile comments tables to replace "http://www.YOURDOMAIN.COM" with "https://www.YOURDOMAIN.COM" 5) Set up HTTP to HTTPS 301 redirects in your .htaccess file to forward from http:// to https:// 6) Update all external plugins to ensure they are HTTPS compliant (sharaholic, twitter, facebook, youtube, ubb custom-tags, and, if your website contains non-UBB.threads content, all those internal site links - trust me you won't find them all in a single pass) 7) Test your website. BONUS: Update your URLs in google/bing webmaster tools. Update any ads placed on your website, such as Google Adsense. Update any website analytics code.
** MAKE A BACKUP BEFORE YOU BEGIN **
UPDATE 2019-07-02: As of UBB.threads 7.7.2 a simple 1-click utility is built-in to accomplish the database transactions for you.
Control Panel > Content Rebuilder > Transition Actions: Update Forum URL References from HTTP to HTTPS
The 1-click utility performs the following updates:
The SQL ** BE VERY CAREFUL OF "POST_DEFAULT_BODY" and "POST_BODY" USAGE - DO NOT INTERCHANGE THEM • POST_DEFAULT_BODY - [BBcode] This is the original post. CONTENT REBUILDER > REBUILD POSTS takes this and converts it to POST_BODY [HTML] • POST_BODY - [HTML] This is shown to the user. it is generated from POST_DEFAULT_BODY
To update your POSTS: * ubbt_POSTS - POST_DEFAULT_BODY
Code
UPDATE ubbt_POSTS
SET POST_DEFAULT_BODY = replace(POST_DEFAULT_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
* ubbt_POSTS - POST_BODY
Code
UPDATE ubbt_POSTS
SET POST_BODY = replace(POST_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
To update your PRIVATE MESSAGES: * ubbt_PRIVATE_MESSAGE_POSTS - POST_DEFAULT_BODY
Code
UPDATE ubbt_PRIVATE_MESSAGE_POSTS
SET POST_DEFAULT_BODY = replace(POST_DEFAULT_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
* ubbt_PRIVATE_MESSAGE_POSTS - POST_BODY
Code
UPDATE ubbt_PRIVATE_MESSAGE_POSTS
SET POST_BODY = replace(POST_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
To update your USER AVATARS: * ubbt_USER_PROFILE - USER_AVATAR
Code
UPDATE ubbt_USER_PROFILE
SET USER_AVATAR = replace(USER_AVATAR, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
To update your PROFILE COMMENTS: * ubbt_PROFILE_COMMENTS - COMMENT_BODY
Code
UPDATE ubbt_PROFILE_COMMENTS
SET COMMENT_BODY = replace(COMMENT_BODY, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
To update your USER SIGNATURES: * ubbt_USER_PROFILE - USER_DEFAULT_SIGNATURE
Code
UPDATE ubbt_USER_PROFILE
SET USER_DEFAULT_SIGNATURE = replace(USER_DEFAULT_SIGNATURE, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
* ubbt_USER_PROFILE - USER_SIGNATURE
Code
UPDATE ubbt_USER_PROFILE
SET USER_SIGNATURE = replace(USER_SIGNATURE, 'http://www.YOURDOMAIN.COM', 'https://www.YOURDOMAIN.COM');
HTTP to HTTPS 301 Redirects For Your .htaccess File
Code
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Notes and Further Reading Full URLs (http:// and https://) vs relative URLs (//): If you want to correctly FULLY go SSL, use the full protocol name of "https://www.YOURDOMAIN.COM" instead of just "//www.YOURDOMAIN.COM" The reason to use just double slashes instead of the HTTPS protocol declaration, is if you intend to have your secure urls (https) distribute different content than your open urls (http), since both are seen as separate urls on search engines.
If you are switching to HTTPS, it is advised to fully replace all your http protocol references with https, and forward all calls from http to https. Do not allow the browser/end-user to choose http by leaving your protocol blank with an open "//" url.
Sometimes IE7 and IE8 do not correctly handle "//" assets. They look at this as being a file transfer, and will attempt to download the page through a download window. Even though the "//" asset is a spec from 1996/1998 https://www.paulirish.com/2010/the-protocol-relative-url/
Google SEO HTTPS Migration Checklist (for the ad and SEO focused) Source: Search Engine Roundtable • Update all your ad code to support HTTPS • Ensure your analytics will work on the new HTTPS URLs • Update your site search (if not using the inbuilt UBB.threads search methods) to support HTTPS and discover new URLs sooner • Create and submit your new HTTPS XML sitemaps • Review the Google site move article • Verify the new HTTPS site with Google Webmaster Tools and track indexation, crawling, search queries, etc.
Final Steps • Test your site using the Qualys Lab tool • Followup by searching for, and reading additional articles on "http to https site moves," to know what to expect
Be sure to backup your database before preforming any maintenance as preforming any direct maintenance to the system can leave you with a complete mess and a broken forum.
6) Update all external plugins to ensure they are HTTPS compliant (sharaholic, twitter, facebook, youtube, ubb custom-tags, and, if your website contains non-UBB.threads content, all those internal site links - trust me you won't find them all in a single pass)
In layman's terms, how is this achieved? I just noticed I can't see embedded YouTube videos using the Insert Media Tag method... My SSL Report is Grade A.
You'll have to use any 3rd party sites SSL server to provide secure content for your users; in v7.6.0 we included new UBBCodes that support SSL, simply import them (they're in the "install/custom_codes/tags.php" file in the install files you downloaded from this site) via the tag editor in the control panel (CP -> Tools & Information -> Content Rebuilder -> Custom Tag Editor Tab).
@M4TT, this is probably what you're looking for. As gizmo pointed out, all of the new codes have also been updated to support https. As usual, after youve updated, run the post/content rebuilder. If you have any third-party software or plugins on your website (not ubb.threads software), you'll need to update those for https per their own instructions.
There are new Media Tags which support displaying videos on mobile devices. You will need to install these manually. After your forum has been upgraded, go to "Control Panel » Content Rebuilder" and select the "Custom Tag Editor" top tab. Next, choose "Import New Tags" from the bottom tab. And finally, browse to your local install/custom_codes/ directory from the "ubbthreads-XXX.zip" archive and select the "tags.php" file.
This will add new set of Media Tags to your existing set. The new items will be prefixed by "[new]". From this screen, you can also disable any tag which you dont want displayed on your forum. You should delete any of your old tags that were upgraded within the new set.
Okay guys, I just added an s at the end of any http fields in the Content Rebuilder > Custom Tag Editor > Custom Tag List: YouTube Video and ran a rebuild on posts and it's working now!
@M4TT, thats the old YouTube tag code from version 7.5.x. It is not mobile friendly and detects just 17 of the top 32 most common different YouTube URL variations. Follow the directions to upgrade to the 7.6.x Youtube REGEX strings, which can detect more than 32 of the most common YouTube variations. In addition, it will not break your forums for mobile users.
I totally ran across this thread on accident. But BOY do I NEED it! I have a forum that's probably 20-25 years old and still running strong, and upgraded to SSL (https) last fall...and never did the database on the rest of the site (forum) because I didn't want to crash it. It's so HUGE. so I basically just did the homepage, and some other non-forum pages on the site, but I Really need to do the forum cause it's affecting SEO already having mixed content. Bless you! for writing/starting this thread, and everyone who has contributed to it. I'm a website developer (mostly wordpress) who picked up this client with this old site with this UBBThreads forum on it, and it's been a struggle for me ever since I picked it up, but he really hasn't run across anyone in the area even as knowledgeable as I am, which doesn't say much really.
I'm going to read through this, as I contemplate updating some db tables, gently, one at a time. But if anyone is super-experienced and wants to lend a hand, PLEASE don't hesitate to offer. (LOL)
Hi Donna, I too was nervous about the switch to https, but if you follow Isaac's guide, I'm sure you'll be ok. It went much more smoothly than I'd anticipated.
I'd love to move our entire forums over to https, but we don't have any control over the thousands of images linked from off site. Any suggestions about these (short of going through 2 million+ posts)?
we don't have any control over the thousands of images linked from off site.
You dont have any control over hot-linked images on your site other than to continue allowing them to be hot-linked, or blocking them entirely. If you continue to allow them to be hot-linked using their http address, you could set your .htaccess file to be less-strict and allow those items of a certain file type, or from within a certain path. Or you could set your .htaccess to just forward all http page requests to https pages, still allowing all media to be accessible through their http... and https addresses.
Originally Posted by PianoWorld
Any suggestions about these (short of going through 2 million+ posts)?
As detailed within the very first post of this thread, use the SQL commands to find all occurrences of (for example) "http://pianoworld.com" and replace with "https://pianoworld.com". The process takes less than an hour to complete. Backing-up your database is where the majority of your time will be spent.
If you are doing a brand new install of UBB.threads, you would set it up with the protocol you intend to for your new forum.
Changing the protocol or domain/domain structure of your already established website needs to be manually. The easy-to-follow directions are posted in the OP of this thread. When you intend to move your forums to another protocol or domain/domain structure, the list in the OP should be used.
This is a very helpful post. Unfortunately I've not figured out what to do about the thousands of posts containing images hosted outside of our domain, and not on https. I've noticed some browsers get really ticked off when you have mixed secure/non-secure content.
for the rest of the sites, and other random ones, you can either keep them as they are or risk doing a batch conversion again. this is one dellema which many long running websites need to deal with.
Thanks Issac, I know we aren't big by some standards, but at over 2,800,000 posts I'm a little leery of trying to find all the instances that need to be switched over. As you know, you only have to miss one on a page (even if it's a background dot) to have the browsers complain (or even stop the content from loading).
I've been told it can be done this way... ===================================== (suggested by one of our forums members)
The standard way to fix mixed content issues like this is to make an ssl proxy for images when it’s detected that they come from insecure http. What this means is that the forum server scans URLs to see if they are insecure and then downloads the image itself and then serves it as https. I’m surprised that UBB.threads doesn’t support this out of the box (and I searched a little and doesn’t appear to) but it’s literally 5 or 6 lines of php to do this. And I like to think I’m not just an “armchair expert†as I write code for a pretty big internet company and do stuff like this a lot smile Actually I’m not sure if Frank would be comfortable but I’d be happy to make the change or provide his web developer with the info on making this change. However, this would increase bandwidth costs slightly so that could be a concern. =========================================================
But I'm not sure what this would do to the server load, or how well it would work.
Don't get me wrong, I'd love to make our forums secure. I know the search engines are starting to penalize sites for not being secure. I just don't want to do more harm then good, and still end up with a mixed bag.
Development on UBB.threads was abandoned in 2009 when Rick sold UBBCentral and UBB.threads to UBBSystems, SD had been hired on to contribute security fixes and some feature additions, but until Isaac and I started development on 7.5.9+ in 2015 the product had seen little activity (there was a 2 year gap between 7.5.8 and 7.5.9).
Currently, a proxy to masquerade 3rd party non-HTTPS image attachments as a local HTTPS URL isn't planned at all; the time to develop, test, test security, and maintain a database would be quite cumbersome and would push the focus of what development time we have towards UBB.threads in directions that would be better focused elsewhere (such as compatibility with newer builds of PHP and MySQL, furthering web standards, UI cleanup, etc). A new tool would require parsing the database for 3rd party links, building a database of these links, writing a script to process new requests to those links, updating all previous posts for the parser, etc. Not to mention, a large (your forum is huge) forum would end up with a sizable database table to hold this additional content.
Our official stance on the matter is that the existing links in the database need to be updated, and 3rd party content reigned in (such as having users upload their images directly into their posts vs using 3rd party services, and forcing them to not have images in their signatures and to upload their avatars to your site vs hosting externally). If the 3rd party resource doesn't offer an HTTPS option, its their shortcoming.
Isaac's guide (the original post in this thread) was created to provide forum owners (who know what they're doing) with directions towards converting their forums to 100% HTTPS, anything outside of UBB.threads (such as user submitted content from 3rd party websites) falls under Step #6 of his guide:
Originally Posted by isaac
6) Update all external plugins to ensure they are HTTPS compliant (Sharaholic, Twitter, Facebook, YouTube, UBB Custom Tags, and, if your website contains non-UBB.threads content, all those internal site links - trust me you won't find them all in a single pass)
I'm not sure that anyone realizes that Isaac has donated his time to assist with the development of UBB.threads; UBBDev is contracted by UBBSystems to build one release per year, anything beyond that is complimentary and is done in our spare time. The new features you're all seeing are what we utilize on our own private forums, that we've issued out to the public (such as continued updates to my proxy/cdn user IP detection library, Stop Forum Spam, etc).
These forums are here, as they always have been, as a user to user discussion forum; the vendor (UBBSystems) does not generally frequent these forums. The only method of official support is through the UBBCentral support pages.
I know how hard you and Issac work, and that we would be in deep s*** without your involvement. I for one am very glad someone is still taking an interest in the UBB. I can't begin to imagine trying to port my forums to another platform.
I'm just trying to figure out if there is a viable way for me to convert our forums to https so our users and the SEs are happy. There is obviously no easy answer and a good chance to make things worse.
I did find this line in your reply interesting though...
"(such as having users upload their images directly into their posts vs using 3rd party services, and forcing them to not have images in their signatures and to upload their avatars to your site vs hosting externally)"
I don't know of any way the users can upload images directly into their posts. I'd love to be able to force people to upload their pictures, storage space is relatively cheap. That would give us the https control and eliminate broken images from external links that no longer work.
However right now the only way I know is either upload into the photo gallery, grab the url, and then use the insert image link. Or link externally.
"(such as having users upload their images directly into their posts vs using 3rd party services, and forcing them to not have images in their signatures and to upload their avatars to your site vs hosting externally)"
I don't know of any way the users can upload images directly into their posts. I'd love to be able to force people to upload their pictures, storage space is relatively cheap.
File attachments. Enable your users access to Attachment Manager. Its been part of the UBB.threads software for over a decade.
Per forum / group: Control Panel > Permissions > Forum/Group: Max file attachments Control Panel > Permissions > Forum/Group: Max file attachment size
Image attachments can further be processed within: Control Panel > Master Settings > Attachments
When a user has access to attach files to their posts, they will see the "Attachment Manager" link in the Post Option section of their post.
If you follow the https guide You will find it is only changing your sites URL's. So if someone posted a link or avatar from somewhere offsite. Then the url would not be "forum.pianoworld.com " and not be changed the url would then be like photobucket.com and would not be impacted. Unless you expand on the queries in the guide. If you do expand on the query then do them one at a time for example youtube is https now.
Last edited by Ruben; 05/31/20191:52 PM.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
The standard way to fix mixed content issues like this is to make an ssl proxy for images when it’s detected that they come from insecure http. What this means is that the forum server scans URLs to see if they are insecure and then downloads the image itself and then serves it as https. I’m surprised that UBB.threads doesn’t support this out of the box (and I searched a little and doesn’t appear to) but it’s literally 5 or 6 lines of php to do this. And I like to think I’m not just an “armchair expert†as I write code for a pretty big internet company and do stuff like this a lot smile Actually I’m not sure if Frank would be comfortable but I’d be happy to make the change or provide his web developer with the info on making this change. However, this would increase bandwidth costs slightly so that could be a concern.
The serious downside to a simple proxy approach is that you are routing all external resources through your own server/systems. Which is not only a liability, but also can get rather costly. It adds complexity to the page for no good reason. It also defeats any CDNs which are suppose to route to near servers or balance to idle ones.
With a simple proxy script, anything can be included and will be delivered from your domain.
The security now becomes even worse than without the use of a pseudo-SSL proxy script. With this, your site could appear to be hosting malicious files.
Expanding on that, if a random user would copy that new SSL link with "your domain url + malicious file link" across the web, you get the "site credibility ding" for "hosting" the malicious file, even though you are only passing it through as a third party. The random user could also apply any link to the proxy tool they wanted to add.
Real-time tracking of all HTTP URLs and requesting them again if SSL connection failed is highly inefficient and overall sounds like a bad idea.
Its highly unlikely that there are going to be any core workarounds of this type written for UBB.threads, especially because the vast majority of websites today use SSL anyway, and the rest can either get on with the program or have their content treated as a second-class citizen. UBB.threads 7.7.2 provides a optional forum setting to replace hotlinked insecure embedded images with a plain URL that the end user can click through to view if they choose to.
That said, nobody is going to stop you from adding any sort workaround with custom code or server modules. good luck.
My website was originally created from a framework that I borrowed back in 1998. it was with no WYSIWYG editor involved, a couple banner rotating perl scrips was used as well. All layout within the HTML. Later I used dreamweaver to maintain it along with using UBB classic and then Threads.
Never dared to transit it to HTTPS. Have been testing bootstrap a little now just by using an editor tool and created a few pages. Will try to learn more and rebuild the site. That said I created a few pages using static banners and now I have deleted all old files from the server except for images and UBBThreads. The pages I have uploaded has no HTTP links mearly /forums and /image.xxxxx.jpg
Now I need to learn all the steps how to transit website and UBBThreads to HTTPS.
When that is learned I guess the first step is to close the forum and do a full backup, then proceed with the steps.
in CP >> Master settings >> Paths & Database form there is a box reading Full URL to Forum Directory qhich must have a full URL
then there is a box named Full URL or Relative URL to Forum Directory which I today have set relative to "/forums" is that ok then too or should I use the HTTPS full url?
Today its actually possible to use both HTTP or HTTPS both seems to work.
Anyway as you see I'm not ready yet to transit but wanted to lift this thread to the top again. It is very important not to screw up the forum. Any advise is highly appreciated.
I also thought this to be complicated my first time I did it. But isaac laid it out step by step to follow.and it really is easy to do.
First step is the ssl certificate that has to be installed on the server via the hosting control panel. Be it either a free one provided by the host or a private purchased one. To me that was the hard step.
Then just follow the directions given above..
As far as paths in the ubb control panel goes. paths that have the http:// are the only paths that need to change to https://
Blue Man Group There is no such thing as stupid questions. Just stupid answers
One other item is you offer paid subscriptions but you do not use https. So people may shy away from subscribing.due to it shows the site is not secure.
I also do not know why you use www but that is up to you,
Blue Man Group There is no such thing as stupid questions. Just stupid answers
Not sure where to begin, first I do have some issues understanding the tech computer English (am Swedish) so I often find my self repeating my questions just to be sure.
Have a VPS that Gizmo suggested some years back at Interserver, had some issues a few years back and IS pointed my domain thru Cloudflare. That said I can actually use both HTTP or HTTPS to open forum pages. Dunno if its because of CF or not. See- http://www.EXAMPLE.com/forums/ https://www.EXAMPLE.com/forums/ What do you get from that?
Within the VPS I have both WHM for the overall and cpanel for EXAMPLE.com domain account. Looking at CP I notice within the domain I can turn on force HTTPS redirect.
There is a SSL certificate with a RSA Key, and it seems valid. AutoSSL Domain Validated.
Looks like I'm at #3 which is easy as I have so few pages online now, #4 is a big task at the moment as I must ask more about the SQL queries.. I guess I must close the forum and backup before #3. OH how do I know #2 is configured properly?
Quote
1) Obtain a valid security certificate from your webhost or a reputable third-party seller. I've purchased many "PositiveSSL" certs from SSLs.com. 2) Install it using SHA-2 and make sure it is configured properly. 3) Update ALL your URLs in the Control Panel or manually in your config.ini file. This includes the Homepage URLs, Contact pages, Referer Check, any forum headers/footers, etc. 4) Run a SQL query on your posts, private messages, user avatars, profile comments tables to replace "http://www.YOURDOMAIN.COM" with "https://www.YOURDOMAIN.COM" 5) Set up HTTP to HTTPS 301 redirects in your .htaccess file to forward from http:// to https:// 6) Update all external plugins to ensure they are HTTPS compliant (sharaholic, twitter, facebook, youtube, ubb custom-tags, and, if your website contains non-UBB.threads content, all those internal site links - trust me you won't find them all in a single pass) 7) Test your website. BONUS: Update your URLs in google/bing webmaster tools. Update any ads placed on your website, such as Google Adsense. Update any website analytics code.
Anyway I'm rambling a bit its late here and I'm up early for some volunteering work.. Someone must drive the Zamboni ice-resurfacing machine early in the morning and day for the young players and ice figure skating boys and girls.
For number 4 there is a selection in the re builders now that will run all the query's for you automatically.. You just click on the link and it runs. As far as cloudflare , yes they provide a free ssl if you use them as a proxy.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
Yes that is because you're using a Content Delivery Network (CloudFlare; not a proxy), they provide a free SSL for all accounts; it is what I use on all of my sites.
I force all HTTP traffic to HTTPs through a CloudFlare Page Rule:
Quote
If the URL matches: example.tld/*
Then the settings are: Forwarding URL, 301 Redirect https://www.example.tld/$1
The above forces WWW, you could also just trigger for non-HTTPS by:
Quote
If the URL matches: http://*.agardenersforum.com/*
Then the settings are: Always Use HTTPS
If you're already using HTTPs through CF steps 1/2 are moot. For the rest you just need to access UBB.threads over HTTPs and run the rebuilder " Update Forum URL References from HTTP to HTTPS".
Just remember that if you turn off cloud flare for any reason then you loose SSL. For that reason I purchased and installed a SSL via SSLs.com to be redundant.
Blue Man Group There is no such thing as stupid questions. Just stupid answers
FWIW my server, like Morgans CPanel, offers free SSL through a provider (CPanel does it themselves, I think it's a custom LetsEncrypt system, whereas Virtualmin uses LetsEncrypt); but, iirc, they require a callback to be made which doesn't happen over existing SSL certs (such as CF)...
I run only CloudFlare for my SSL/HTTPS, and have never had a need to "turn it off" for any reason (doing so would expose my server IP address to spammers and bots).
Info: My website has now only about 20 web pages online plus the ubbthreads forum The website pages has all internal relative links like “/“ or “/example_folder/example_file.html. No HTTP//: or HTTPS//: only relative links internal. There are links to other sites both HTTP and HTTPS depending to the website it links to. No third party links HTTP only HTTPS.
Here is what I believe is status right now for my site/forum I’m my WHM I have daily backups they are incremental. The time when the backup is local just after AM03.00. So I’m thinking that I could close the forum when I get to bed around PM 11.00 a few hours before and get my sleep. Then waking up at AM 08.00 I could go a head and start the HTTP >>> HTTPS transit process by
1) Obtain a valid security certificate from your webhost or a reputable third-party seller. I've purchased many "PositiveSSL" certs from SSLs.com. FIXED!!!
2) Install it using SHA-2 and make sure it is configured properly. FIXED!!! I HOPE...DUNNO HOW TO CONFIGURE
3) Update ALL your URLs in the Control Panel or manually in your config.ini file. This includes the Homepage URLs, Contact pages, Referer Check, any forum headers/footers, etc. I CAN DO THIS IN THE CONFIG, HEADER AND FOOTER FILES!!!
4) Run a SQL query on your posts, private messages, user avatars, profile comments tables to replace "http://www.YOURDOMAIN.COM" with "https://www.YOURDOMAIN.COM" I CAN DO THIS IN CP >> CONTENT REBUILDER >> Update Forum URL References from HTTP to HTTPS!
5) Set up HTTP to HTTPS 301 redirects in your .htaccess file to forward from http:// to https:// IN MY WEBSITE CPANEL “DOMAIN” THERE IS A ICON AND IT READS Force HTTPS Redirect I PROBABLY SHOULD ENABLE THAT BUT I’M NOT SURE!!! IF I WOULD DO IT DIRECT IN .HTACCESS THEN IT PROBABLY IS THE FILE IN THE WEBSITE ROOT!!! COULD THAT BE CORRECT??? THAT FILE IS FULL OF OLD STUFF BY THE WAY!!!
6) Update all external plugins to ensure they are HTTPS compliant (sharaholic, twitter, facebook, youtube, ubb custom-tags, and, if your website contains non-UBB.threads content, all those internal site links - trust me you won't find them all in a single pass) WILL DO THIS AS TIMES PERMIT SINCE I DON*T USE ANY OF IT NOW.
7) Test website / Forum if it seems to work I open it again… Please comment on this particulary .#5